Friday December 09, 2016

Google announced earlier this week that it has released patches for a total of seventy four vulnerabilities, eleven of which were critical. The company says that it had no reports of active exploitation or abuse of these newly reported issues.

Partners were notified of the issues described in the bulletin on November 07, 2016 or earlier. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP. The most severe of these issues are Critical security vulnerabilities in device-specific code that could enable arbitrary code execution within the context of the kernel, leading to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device.